Microsoft's April 2020 Update Fixes 3 Zero-Day Vulnerabilities


Microsoft has released this month's Patch Tuesday security updates. These updates fix 3 zero-day vulnerabilities, 15 vulnerabilities rated "Critical" and 93 vulnerabilities rated "Important".

Users should download and install these security patches as soon as possible to address the known risks.

Zero-day vulnerabilities fixed in this update:

According to Microsoft, the following two vulnerabilities have been publicly disclosed:

CVE-2020-1020 - Adobe Font Manager Library Remote Code

CVE-2020-0935 - OneDrive for Windows Elevation of Privilege

And the following two vulnerabilities have been exploited:

CVE-2020-0938 - Adobe Font Manager Library Remote Code Execution

CVE-2020-1020 - Adobe Font Manager Library Remote Code Execution

 

Security patch released for the Adobe Font Manager zero-day vulnerability

These vulnerabilities stem from improper handling of specially crafted Multi-master fonts in the Adobe Type 1 PostScript format in the Adobe Font Manager Library.
An attacker who successfully exploits them can execute code of their choice remotely on all systems except Windows 10. On Windows 10, exploiting these vulnerabilities lets the attacker execute code in an AppContainer sandbox with limited privileges and capabilities, and then install programs, view, change and delete data, and even create user accounts with full access rights.

Previously, various workarounds were used for these vulnerabilities to reduce the security risk and block attacks, such as disabling preview panes and various services and modifying the registry. With the recently released update these measures are no longer needed, and users who applied the workarounds should revert them to their previous settings.

The table below lists all the security patches released:

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Android App | CVE-2020-0943 | Microsoft YourPhone Application for Android Authentication Bypass Vulnerability | Important |
| Apps | CVE-2020-1019 | Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-1050 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-1018 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important |
| Microsoft Dynamics | CVE-2020-1049 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-1022 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-0952 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0938 | Adobe Font Manager Library Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-0987 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1004 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1005 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0958 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-0982 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0964 | GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1020 | Adobe Font Manager Library Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0784 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0995 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0999 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0988 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0992 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0994 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0953 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0889 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0959 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-0960 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1008 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0979 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0980 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0984 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-0760 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0991 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0961 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0931 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2020-0906 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0935 | OneDrive for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0927 | Microsoft Office SharePoint XSS Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-0923 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0925 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0924 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0932 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-0930 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0933 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0920 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0929 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-0971 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0975 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0978 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0977 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0976 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0974 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-0973 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0972 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0954 | Microsoft Office SharePoint XSS Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2020-0926 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-0968 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2020-0966 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-0895 | Windows VBScript Engine Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-0969 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0970 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0967 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Windows | CVE-2020-0942 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-0940 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0934 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1029 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1011 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1094 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1016 | Windows Push Notification Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0794 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1017 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0944 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1006 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1009 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0981 | Windows Token Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1001 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows DNS | CVE-2020-0993 | Windows DNS Denial of Service Vulnerability | Important |
| Open Source Software | CVE-2020-1026 | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | Important |
| Remote Desktop Client | CVE-2020-0919 | Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2020-0899 | Microsoft Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2020-0900 | Visual Studio Extension Installer Service Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2020-1002 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2020-0835 | Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0918 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0910 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-0917 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0699 | Win32k Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1027 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1003 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0955 | Windows Kernel Information Disclosure in CPU Memory Access | Important |
| Windows Kernel | CVE-2020-1015 | Windows Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1000 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1007 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0957 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0936 | Windows Scheduled Task Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0956 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0962 | Win32k Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0821 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0913 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0888 | DirectX Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2020-0948 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-0937 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media | CVE-2020-0949 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-0939 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media | CVE-2020-0950 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-0946 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media | CVE-2020-0947 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media | CVE-2020-0945 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Update Stack | CVE-2020-0996 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1014 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-0983 | Windows Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-0985 | Windows Update Stack Elevation of Privilege Vulnerability | Important |

 

Source:

https://www.bleepingcomputer.com/
